Apple quickly released a patch for CVE-2014-9295 which was for a flaw with NTP. NTP is what keeps the system time in sync by communicating with network time servers. While there are special circumstances required, the flaws allowed a remote attacker to execute code. This was the first usage of Apple's automatic security updates. Apple only patched OS X 10.8, 10.9. and 10.10. We still have customers running many systems on OS X 10.6. We complied NTP for OS X 10.6.8 with this patch and packaged it into an easy to install package. Just run the package, no reboot required.
The files that are written by the installer package are placed in this repository.
To verify the install has upgraded run
ntpd --version
The updated version will be: ntpd [email protected]
The original version should have been: 4.2.4p4
No warranties are given in use of this installer. Always test before running in production.
There is no uninstaller.